Hutchinson Decries ‘Partisan Attack’ Over Website, Says FBI Investigating

We were unable to send the article.

Gov. Asa Hutchinson said Monday that the FBI is investigating the data security issue that caused officials to take down the state’s pandemic unemployment website over the weekend.

The Republican also chided the Democratic Party of Arkansas for its “partisan attacks” over that and alleged favoritism concerning the state’s “Ready for Business” grant program.

On Friday, the state Department of Workforce Services took down its new website created to process unemployment applications for self-employed workers, sole proprietors and gig economy workers. 

The Arkansas Times had reported the same day that it had been contacted by a computer programmer applying for Pandemic Unemployment Assistance. The programmer said he found a vulnerability in the website that exposed sensitive information of about 30,000 applicants, including Social Security numbers and bank account numbers. 

According to the Times, the programmer said he had been unsuccessful in reaching state officials to alert them to the vulnerability.

“My information is that the data was exploited, and so that raises serious concerns,” Hutchinson said during his daily press briefing on the state’s COVID-19 response. The briefing took place in Forrest City.

“That is the reason the site had to be shut down,” he said. “And we’re proceeding to make sure the site is in a good security position so that we can resume our efforts to get the pandemic unemployment assistance to everyone who has applied for it.” 

Hutchinson said the term “exploited” refers to several actions, including someone viewing sensitive information. He said the state has notified its insurance carrier about the “breach.”

Hutchinson said state employees worked over the weekend and are continuing to work on getting the site back up. A third-party IT company is looking into the security issue as well.

Asked whether people should notify the state when they see a security issue on a website, the governor replied, “The question is, did you see the vulnerability or did you find the vulnerability?”

He also said he is awaiting more information from IT experts about “the sophistication of the breach” and “the sophistication of the weakness.”

The website was designed and built by Protech Solutions Inc. of Little Rocka software and database company that, according to its website, has done business with states including Arkansas, New Hampshire, Maine, Michigan, New Jersey and Delaware.

Protech’s contract for the website, signed April 14 with the Department of Workforce Services, is worth $3 million, but it allows up to $2 million more for contingencies. The contract lasts until June 30.

Protech has a long-term contract with Arkansas to run the state’s Child Support Information System, which handles child support payments in Arkansas. The current contract, signed in 2016 and running until next year, is worth $42 million.

Ready for Business

Michael John Gray, chairman of the Democratic Party of Arkansas, held a news conference earlier on Monday calling for investigations and bipartisan committee reviews into both the website security issue and “documented insider favoritism” involving the Arkansas Ready for Business grant program.

The program, launched late last month to help small businesses reopen as Arkansas rolls back COVID-19 restrictions, has been criticized by legislators and businesses for how it was designed, publicized and rolled out. 

Some legislators have said some businesses received early word of the grant program, giving them an advantage when they applied.

Both efforts — the Pandemic Unemployment Assistance program and the Ready for Business grant — are overseen by the state Department of Commerce, led by Mike Preston.

Gray said a bipartisan committee should investigate and tell the public what happened in both cases and what steps are being taken to prevent them from occurring in the future.

“We hang our head on the fact that I think the governor and Secretary Preston have both indicated that this issue has been beaten to death and it’s time to quit talking about it,” he said. “And, frankly, people put their trust in our government leadership, and just because you make a mistake and fix it, it doesn’t mean we quit talking about it.

“The point is a mistake was made, the trust was broken, people got insider knowledge, and we should know why and who and those who did it should be held accountable.”

Responding to the Democrats’ charges, Hutchinson said Monday afternoon that the bipartisan Arkansas Legislative Council had already reviewed the Ready for Business grant program. Legislators on Friday heard an update on the program from Preston and continued to voice their frustrations, according to the Arkansas Democrat-Gazette.

On Monday, Gray said the issue goes beyond state politics and a particular program.

“On top of that, I think that the approach, not just from the governor but for everyone through this process, all the way to the federal government, has been geared to those businesses who have a CPA or an attorney or a lobbyist at their fingertips. That’s not the majority of Arkansas businesses,” Gray said. “The application process, the eligibility requirements, the quick deadlines, are all geared to those who are more sophisticated or larger or have more influence in those realms and not to the everyday small business person in Arkansas.”

Gray noted that Arkansas is one of few states that have yet to issue Pandemic Unemployment Assistance to self-employed workers, and he said something more should be done for essential workers because many of them might be making less than people on unemployment. 

In a statement to KATV-TV, Channel 7, in Little Rock, the state Republican Party praised state leaders for their work amid the crisis.

“It is easy to backbench from a super minority without having to be responsible for one iota of public policy implementation,” party Chairman Doyle Webb said in a statement. “I believe Governor Hutchinson, Secretaries Smith and Preston are the right leaders for this time, and my prayers are with them as they continue to lead us through this difficult time. Their leadership has been even-handed, thoughtful, and data-driven.”